AWS WAF – IP reputation
To prevent attacks based on IP address reputation, you can create rules using IP matching or use Managed Rules for AWS WAF.
Amazon's IP reputation list rule group includes rules based on Amazon's internal threat intelligence. These rules look for IP addresses that are bots, performing reconnaissance against AWS resources, or actively engaging in DDoS activities. The AWSManagedIPDDoSList rule has been observed blocking over 90% of malicious request floods.
The Anonymous IP list rule group contains rules to block requests from services that allow the obfuscation of viewer identity. These include requests from VPNs, proxies, Tor nodes, and cloud platforms (excluding AWS).
In addition, you can make use of third-party IP reputation lists by using the IP Lists parser component of the Security Automations for AWS WAF solution.
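The two managed rule groups described above, attached to a web ACL in CloudFormation. This is an added example, not taken from the original page or from AWS; the resource name, scope and metric names are placeholders. AWS documents the default action of AWSManagedIPDDoSList as Count, so the template overrides it to Block, and it stages the hosting-provider rule of the Anonymous IP list in Count so its impact on legitimate traffic can be measured first.

```yaml
# Added example. Resource name, Scope and MetricName values are placeholders.
Resources:
  IpReputationWebACL:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: example-ip-reputation-acl        # placeholder
      Scope: REGIONAL                        # CLOUDFRONT for CloudFront distributions
      DefaultAction:
        Allow: {}
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: exampleIpReputationAcl   # placeholder
      Rules:
        - Name: AmazonIpReputationList
          Priority: 0
          OverrideAction:
            None: {}                         # keep the group's own rule actions
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesAmazonIpReputationList
              RuleActionOverrides:
                - Name: AWSManagedIPDDoSList # default action is Count
                  ActionToUse:
                    Block: {}
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: exampleAmazonIpReputation
        - Name: AnonymousIpList
          Priority: 1
          OverrideAction:
            None: {}
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesAnonymousIpList
              RuleActionOverrides:
                - Name: HostingProviderIPList # cloud platforms; observe before blocking
                  ActionToUse:
                    Count: {}
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: exampleAnonymousIp
```

Once the sampled requests and CloudWatch metrics for the counted rule show acceptable impact, remove its override to return it to the rule group's own action.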